SSL Certificates Help

Using CAA records with your SSL certificate

A Certificate Authority Authorization (CAA) record can be used to specify which certificate authorities (CAs) are allowed to issue certificates for your domains. CAA records also create notification rules for when a certificate is requested from a CA that isn't permitted by the domain owner.

CAA record check

When you request an SSL certificate from GoDaddy, we will check the DNS of your domain for a CAA record. If there is no record present, your certificate continue through the issuance process. When you request an SSL certificate for a domain that has a CAA record, if GoDaddy is listed on that record, we will continue the issuance process. If something other than godaddy.com or starfieldtech.com is listed on that record, we are unable to issue the certificate to you. The certificate will be denied, and an email will automatically be sent to the requestor and the email address on the CAA record.

Creating a CAA record

You can create a CAA record with your DNS host to limit which CAs can issue an SSL certificate for your domains. To do so, contact your DNS provider and have them list either godaddy.com or starfieldtech.com in the CAA record.